mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Add a missing bn_restore_invariant in RSA blinding code.
We were inventing a random number by starting with a long zero bignum and then setting bits at random, which left an opportunity for the result to be a non-normalised representation (with a leading zero word) and hence fail an assertion in bignum_cmp. [originally from svn r10147]
parent e2a5c6b679
commit b8e5f74d4a
1 changed file: sshrsa.c (+1)
@@ -264,6 +264,7 @@ static Bignum rsa_privkey_op(Bignum input, struct RSAKey *key)
 bitsleft--;
 bignum_set_bit(random, bits, v);
 }
+bn_restore_invariant(random);
 
 /*
 * Now check that this number is strictly greater than
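Review bot: the added bn_restore_invariant(random) call is in the right place, after the loop that sets bits on the zero-initialised bignum and before the "strictly greater than" comparison that the commit message says tripped the assertion in bignum_cmp, but nothing in the hunk itself says why normalisation is needed here; a one-line comment at the call site, e.g. `/* setting bits on a zero bignum can leave a leading zero word */`, would stop a later reader from treating the call as redundant and removing it.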